The first step in our strategy focuses on the most fallible of all the pieces in the security puzzle, the human element.
A large portion of security breaches are due to stolen credentials, whether exposed in a data breach, obtained through a phishing attack, or acquired through more sinister methods like keyloggers or purchase on the dark web. On top of that, a ridiculous amount of data loss and damage is caused by employee negligence.
Now, employee negligence sounds a bit harsh and finger-pointy. Basically, it means that the employee did not follow cyber security protocols. But many companies don’t have cyber security protocols, or haven’t implemented effective cyber security training, so let’s add employer negligence here too.
The second biggest contributor to security breaches is vulnerabilities in outdated or badly coded themes and plugins.
So we maintain a weekly update schedule to keep things fresh.
We also monitor various WordPress blogs and databases for known vulnerabilities.
There are over 260 million self-hosted WordPress websites, making WordPress sites a juicy target for hackers.
We’ve already covered negligence and outdated software, so here we will detail the additional security measures that we implement to defend our sites against the OWASP Top 10 security vulnerabilities.
Whenever I talk about backups, I have to quote Patrick Gallagher, the CEO of GridPane (our favourite hosting panel):
“Good backups are like insurance… if insurance covered everything, cost practically nothing, and always paid out.”
While backups can’t protect you against security breaches or data breaches, they do protect you against data loss.
We employ comprehensive backup schedules on all of our hosting plans. The retention period is 14 days. Business and Enterprise clients may provide their own credentials for OneDrive, Dropbox, pCloud, Amazon S3 or DigitalOcean Spaces to have a copy of the backup sent to their cloud storage provider of choice.
Knowing is half the battle, and that’s where logging comes in. Activity logging, along with strong access and identity management, allows us to determine exactly which user or service worker is responsible for every action that takes place in our hosting environment and on our clients’ sites.